Full agendas: 4 x 30-minute sessions that will ensure your team is on track for compliance in January ...
DORA in its most simple terms. If you have these four key areas covered, you will be in great shape to comply ...
CIS Critical Security Controls provide a recommended framework that can smooth your path to compliance ...
Every business is a link in a chain. Where is your weakest link? What can you do to strengthen your chain?
You know the directive and your teams are busy. But busy does not mean compliant. Now is the time to ask the right questions to see for sure how ready you are for the auditors.
Your host, David Thomas, Head of Cyber Resilience at ITHQ, is a highly qualified and experienced CISO holding (ISC)² CISSP, ISO 27001 Certified ISMS Lead Implementer, CISA Certified Information Systems Auditor, and SABSA Chartered Security Architect Foundation (SABSA-FCP).
Using the CIS Critical Controls as a guide, David helps you navigate the four key areas of compliance, delivers practical knowledge and advice to ensure you have the reports, access logs and other vital proof points you need ahead of January 2025.
Who's on your networks, what can they see and what can they do?
Guest speaker: privileged access management specialist, Chris Dearden, from Delinea.
● Inventory and control: enterprise assets
● Inventory and control: software assets
● Account management
● Access control management
Explore CIS Critical Controls 1, 2, 5 and 6, and what an auditor will ask to see for each.
Aired 15th October 2024. Register above for the other live sessions.
Where are your weakest points, how do you find them and how do you fix them?
Guest speaker: Scott Nursten, CEO, ITHQ
● Continuous vulnerability assessment
● Audit log management
● Penetration testing
Is your network operating efficiently, is it secure and how do you maintain it?
Guest speaker: Unified Cloud Monitoring expert, Nik Grove, ITHQ.
● Secure configuration of enterprise assets and software
● Network infrastructure management
● Network monitoring and defense
● Application software security
How can your data be attacked, how far can the attack go and what happens if your data gets wiped?
Guest speaker: Cyber Insurance specialist from Sutton Winston.
● Email and web browser protections
● Malware defenses
● Data protection
● Data recovery
● Incident response management
Information, action points and everything you need to be audit ready
Financial services firms generated 12% of the UK's economic output in 2023. DORA (the Digital Operational Resilience Act) is an EU regulation that will make this critical sector more resilient to cyber attacks by reducing risk and improving governance.
The four domains of DORA that must be demonstrated and evidenced are:
● ICT risk management and governance
● Your system for incident response and reporting
● Your protocol for digital operational resilience testing
● Your third-party risk management
Information sharing is recommended as well.
Strategise security updates to ensure budget is allocated and to eliminate knee-jerk spend.
Create a process that spans discovery, response and reporting of an incident and share it.
Scenario-based testing is critical. Face the worst cases regularly so that you are fully prepared.
Verify compliance and security credentials of all third party providers. Review annually.
This established, recommended framework can guide your team efficiently to demonstrate and evidence how you cover critical areas of data security.
Implementation groups
IG1 Essential cyber hygiene for SMEs with limited IT and expertise
IG1 is the definition of essential cyber hygiene: the minimum standard of security for organisations with a simple structure and low data sensitivity. It gives defence against broad, untargeted attacks.
IG2 Medium cyber security for mid-size businesses with complex needs
For businesses managing IT infrastructure across multiple departments with differing risk profiles, IG2 incorporates IG1 and helps enterprises with increased operational complexity reduce risk further.
IG3 Expert security for businesses handling sensitive data where a breach could harm the public
IG3 incorporates IG1 and IG2. It is for firms with expert IT security teams that must secure sensitive, confidential data, where a successful attack could significantly harm public welfare.
Begin by building an exhaustive picture of your supply chain. Evaluate the sensitivity of your operations and your data access points to establish who your direct and indirect suppliers are, and assess each one's security posture.
Suppliers must uphold security standards compatible with your own. Documenting these findings is the basis for building risk profiles and defining the data protection standards you expect from every party involved.
With a comprehensive view of the supply chain's structure, pinpoint the potential weak points and focus your effort on mitigating them. Frequent evaluations reveal patterns and dependencies that may require you to diversify your supplier base to reduce concentration risk.
Communicate your security expectations, and the consequences of not meeting them, clearly to every supplier. Lead by example: foster a culture that treats security as significant, and put in place mechanisms for managing and mitigating incidents.
Confidence in your strategies is mandatory, and so is validating them. Effective contract management keeps security clauses, such as those requiring Cyber Essentials Plus or ISO 27001 certification, current and relevant.
Watch for long-running contracts that are never revisited; they become obsolete as security expectations shift. Introduce clauses such as a right to audit, which encourages mutual compliance and regular reviews with your partners.
As the business environment and the threats to it evolve, so should your strategies and those of your partners. Promote an environment in which continuous improvement is encouraged and supported, aligned with strategic goals that strengthen competitiveness and ensure resilience.
Securing the supply chain is a collective responsibility. It means building partnerships on shared values and continuous dialogue, so that every node in the chain is robust enough to withstand, and adapt to, modern cyber security threats.